MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d17e318a643e95278c5a1e9630cc190c536720ac7814523bebd73d4fa7b3433c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d17e318a643e95278c5a1e9630cc190c536720ac7814523bebd73d4fa7b3433c
SHA3-384 hash: c0edb58a22c4a1faef227d5db13a63f0151025a143ac3cc9780105817a29b64f1311a4649494c232a296c26a32d354c5
SHA1 hash: e69422f338ebde7197a16f16bf096288eef5e534
MD5 hash: 5159087b4f7d96ac05fb02dc568186e3
humanhash: yankee-quiet-rugby-charlie
File name:Narula Group - products specifications.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:639'243 bytes
First seen:2020-10-21 07:02:18 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:+qQndMM7wThvSJlYTWbcELlWVtHDiAF3DDsypMHwodZr6e:+XndMFvSYTi5LlWVBmAZDsyqHVl
TLSH 21D423EBA5A93CAE0905B6F96952C43C0911FE53FE651576E8A622328BFC31C0D34C6D
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: viettelidc.com.vn
Sending IP: 103.1.208.228
From: Narula Group of Industries <fujibond@narulapackaging.com>
Subject: PURCHASE ORDER - INQUIRY
Attachment: Narula Group - products specifications.zip (contains "Narula Group - products & specifications.exe")

AgentTesla SMTP exfil server:
mail.daiphatfood.com.vn:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Bulz.147864.29696.24859.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d17e318a643e95278c5a1e9630cc190c536720ac7814523bebd73d4fa7b3433c/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-20 16:33:29 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2f7ddcteh2kspdc2d2ldbtazbrjwoifmpakfeo7l246u7j5tim6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d17e318a643e95278c5a1e9630cc190c536720ac7814523bebd73d4fa7b3433c

(this sample)

AgentTesla

Executable exe 3e85f299521db50b9f3e2004b0e07f2f9dbf8ea0d26460fa4782a73f6007e002

  
Dropping
MD5 48b9f88c09a74abf76d8cc6a04987355
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3e85f299521db50b9f3e2004b0e07f2f9dbf8ea0d26460fa4782a73f6007e002

Comments